Help hiding Speckle 🤔

Hi guys

I am developing an application that uses Speckle as a data transfer framework (only). Meaning, users from my application do not know about Speckle (connectors, frontend…) at all. I have a server application that talks to Speckle and I am using the ADMIN_OVERRIDE_ENABLED=true plus an ADMIN account to manage things server side. Now…

  • Objective: I want to use the Speckle.Core library to send data from my application without the need for my users to authenticate with Speckle. Right now I could have my backend use my Speckle admin account to create a token with streams:write scope and a very short lifespan.

  • Issue: The issue is that even with a short lifespan, and only one scope, my token is still an admin token, right? That’s not a major security issue at the moment since our application is only internal, but it’s something we would like to address.

  • Example: I don’t have one, but I have a simplified diagram of what we’re working with.

Would you have any ideas or examples of doing what we’re trying to do?

Why not have a user account in addition to the admin account and use a token from that account?

That’s also a possible solution. Although I tried that road and it became not so easy to manage our own user accounts together with Speckle user accounts. The main issue was: users from my application might use our organization’s Speckle server for other reasons (e.g. normal Speckle usage through the connectors). If my application is managing Speckle user accounts there might be a conflict of interest.

The way my application is looking to use Speckle is similar to what I see as “service accounts”, where my server acts with its own identity (my admin account), which I see in the documentation is not currently supported.

Sorry, what I meant is similar in scope to that. A user account for your app. Not an account for each of your server’s users.


That’s what I’ve got now, it’s just that I need it to be an admin one. But this gives a good idea, I can have two accounts, one being only a normal user. 🙂